The National Institute of Standards and Technology (NIST) has released an updated version of the widely utilized Cybersecurity Framework (CSF), a key guidance document for mitigating cybersecurity risks. The new 2.0 edition is crafted to cater to diverse audiences, spanning across various industries and organizational types, from small schools and nonprofits to large agencies and corporations, irrespective of their level of cybersecurity expertise.

In response to feedback received on the draft, NIST has expanded the core guidance of CSF and developed supplementary resources to enhance users’ utilization of the framework. These resources are specifically tailored to different audiences, offering customized pathways into the CSF and facilitating the practical implementation of the framework.

CSF 2.0 is not just a single document but a suite of resources that can be adapted and utilized individually or collectively over time as an organization’s cybersecurity needs evolve. The updated framework, which aligns with the National Cybersecurity Strategy, extends its focus beyond safeguarding critical infrastructure to include all organizations across sectors. Additionally, it introduces a new emphasis on governance, highlighting the importance of informed decision-making in cybersecurity strategy.

Developed collaboratively with stakeholders, the update aims to enhance the framework’s relevance to a broader user base both in the United States and internationally, addressing the latest cybersecurity challenges and management practices. 

Recognizing that organizations approach the CSF with diverse needs and levels of experience, the updated framework provides implementation examples and quick-start guides designed for specific user types, such as small businesses, enterprise risk managers, and those securing their supply chains.

Read more here.